Check Point Advisories

IPS-1 Updates against Adobe, Microsoft Windows, Microsoft DirectShow and OpenOffice.org Vulnerabilities

Check Point Reference: CPAI-2008-205
Date Published: 26 Feb 2008
Severity: Critical
Last Updated: Tuesday 01 January, 2008
Source: FrSIRT/ADV-2007-1215
Secunia Advisory: SA28010
ISS X-Force Database: 34843
ISS X-Force Database: 35337
Industry Reference: CVE-2007-3456
CVE-2007-1212
CVE-2007-3895
CVE-2007-0245
Protection Provided by:
Who is Vulnerable?
Adobe Flash Player 9.0.45.0 and earlier
Microsoft Windows 2000 SP4
Microsoft Windows XP SP2
Microsoft Windows Server 2003 Gold, SP1, and SP2
Microsoft Vista
Microsoft DirectShow in Microsoft DirectX 7.0 through 10.0
OpenOffice.org (OOo) 2.2.1 and earlier
Vulnerability Description
Vulnerabilities in versions of Adobe, Microsoft Windows, Microsoft DirectShow and OpenOffice.org might, if exploited, allow remote or local attackers to execute arbitrary code on a vulnerable system.
Vulnerability Details

Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allow remote attackers to execute arbitrary code via a large length value for a (1) Long string or (2) XML variable type in a crafted (a) FLV or (b) SWF file, related to an "input validation error," including a signed comparison of values that are assumed to be non-negative.
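
The bug class named above (a signed comparison of a length assumed to be non-negative) is shown below as an added example beside a hardened bounds check; it is not code from Adobe or from this advisory. The record layout (4-byte big-endian length prefix), MAX_STR, the function names and the sample records are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_STR 256  /* destination capacity (assumed for this example) */

/* Constructed samples: 4-byte big-endian length prefix, then payload. */
static const uint8_t REC_OK[]   = {0x00, 0x00, 0x00, 0x05, 'h', 'e', 'l', 'l', 'o'};
static const uint8_t REC_HUGE[] = {0xFF, 0xFF, 0xFF, 0xF0, 'A', 'A'};
static const uint8_t REC_LONG[] = {0x00, 0x00, 0x01, 0x2C, 'A', 'A'}; /* claims 300 */

static uint32_t read_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Flawed check: the length is held in a signed int and only an upper bound
 * is tested. 0xFFFFFFF0 becomes -16, passes "len <= MAX_STR", and would turn
 * into a ~4 GiB size_t if handed to memcpy. Returns 1 if accepted; no copy
 * is performed here. */
int weak_check_accepts(const uint8_t *rec) {
    int32_t len = (int32_t)read_be32(rec);
    return len <= MAX_STR;
}

/* Hardened parse: keep the length unsigned and bound it by both the
 * destination capacity and the bytes actually present in the record.
 * Returns 0 and sets *out_len on success, -1 on rejection. */
int copy_string_checked(const uint8_t *rec, size_t rec_size,
                        uint8_t *dst, size_t dst_size, size_t *out_len) {
    if (rec_size < 4) return -1;
    uint32_t len = read_be32(rec);
    if (len > dst_size || len > rec_size - 4) return -1;
    memcpy(dst, rec + 4, len);
    *out_len = len;
    return 0;
}

int main(void) {
    uint8_t dst[MAX_STR];
    size_t n = 0;
    printf("weak accepts huge: %d\n", weak_check_accepts(REC_HUGE));
    printf("weak accepts long: %d\n", weak_check_accepts(REC_LONG));
    printf("checked huge: %d\n", copy_string_checked(REC_HUGE, sizeof REC_HUGE, dst, sizeof dst, &n));
    printf("checked ok: %d\n", copy_string_checked(REC_OK, sizeof REC_OK, dst, sizeof dst, &n));
    return 0;
}
```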

Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via a crafted Enhanced Metafile (EMF) image format file.

Buffer overflow in Microsoft DirectShow in Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted (1) WAV or (2) AVI file.

Heap-based buffer overflow in OpenOffice.org (OOo) 2.2.1 and earlier allows remote attackers to execute arbitrary code via a RTF file with a crafted prtdata tag with a length parameter inconsistency, which causes vtable entries to be overwritten.

Protection Overview
